Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added last week4 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.8AI score0.00558EPSS
Exploits0References5
OSV
OSV
added 2026/05/14 2:16 p.m.4 views

UBUNTU-CVE-2026-6475

Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

8.8CVSS5.8AI score0.00324EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/02 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005376)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005376 advisory. Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocati...

5.9CVSS6.2AI score0.00307EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/14 1:0 p.m.12 views

CVE-2025-8713 PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this...

3.1CVSS0.00205EPSS
Exploits0References1
Amazon
Amazon
added 2024/10/02 12:0 a.m.4 views

Important: postgresql

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

8.8CVSS7.8AI score0.01565EPSS
Exploits0
Rows per page
Query Builder